Closed longwa closed 8 years ago
i think it makes sense that the same origin policy is enforced by default. however, being able to override that is a must-have.
grails3 version of the plugin: i would say all fine because it is easy to just use a custom websocket config
grails2 version: we could
allowedOrigins
(List<String>
)useCustomConfig = true
, which has the "drawback" that you need to define the GrailsSimpAnnotationMethodMessageHandler
manually if you want to use grails controllers as message handlers what do you think? appreciate your feedback!
I like the idea of having an allowedOrigins
config setting. That seems to fit best into the Grails 2 version. I haven't looked at the Grails 3 version but it sounds like the workaround there is acceptable (unless the config setting can be included easily there too).
@zyro23 setting
grails.plugin.springwebsocket.allowedOrigins = ["*"]
in the Config.groovy under grails 2 doenst work for me, or have i misunderstood your hint above?
@longwa do you have the Stackoverflow link for me?
@dtamm The configuration isn't available in 1.3.0, the proposal is to make this configurable if I'm understanding correctly.
Here is the stackoverflow with the suggestion to add the setAllowedOrigin("*") when creating the endpoint.
http://stackoverflow.com/questions/29677418/websockets-over-https-403-forbidden
ah okay, so i misunderstood :) and you have an workaround for grails 2? or was it for grails 3?
"workaround" for grails 2 would be to use useCustomConfig = true
and use a custom web socket config. however ill try to take care of allowedOrigins
on the 1.3.x
branch today or tomorrow.
@zyro23 Thanks. I've built a custom version for now so no rush for us. If you have other changes for this branch it can certainly wait. I'd love to move to Grails 3 but I don't see that happening with our application anytime soon unfortunately.
just published 1.3.1, closing this one. if you get the chance to try it out, a quick feedback here if all works out as expected would be appreciated. my local tests using allowedOrigins = ["*"]
worked fine.
cool. hit this today myself (grails 3 app thou).
tried to fix the cause instead of just using setAllowedOrigins("*")
, with success.
my proxy did not set the Forwarded
/ X-Forwarded-
header(s) correctly. ref:
When adding the endpoint, the allowed origins should be set with a wildcard to allow for certain proxy and firewall scenarios to work properly.
ser.addEndpoint(endpoint).setAllowedOrigins("*").withSockJS()
I've tested this with Grails 2.5.4 on the 1.3.0 version and it does fix our problem with WS not working properly through our VPN. There's a stack overflow article discussion this same issue with this solution accepted.
I can submit a PR if needed.